sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-09 08:58:35 +03:00
Code

smb2_ioctl: only pass through to VFS on a valid fsp

Browse Source 
A null fsp is dereferenced on VFS call.

Reviewed by: Jeremy Allison <jra@samba.org>
This commit is contained in:
David Disseldorp 2013-01-15 17:23:08 +01:00 committed by Jeremy Allison
parent bfe765367e
commit c3cc51e8a2
1 changed files with 17 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
source3/smbd/smb2_ioctl_network_fs.c
View File

@ -505,19 +505,23 @@ struct tevent_req *smb2_ioctl_network_fs(uint32_t ctl_code,
uint8_t *out_data = NULL;
uint32_t out_data_len = 0;
status = SMB_VFS_FSCTL(state->fsp,
state,
ctl_code,
state->smbreq->flags2,
state->in_input.data,
state->in_input.length,
&out_data,
state->in_max_output,
&out_data_len);
state->out_output = data_blob_const(out_data, out_data_len);
if (NT_STATUS_IS_OK(status)) {
tevent_req_done(req);
return tevent_req_post(req, ev);
if (state->fsp == NULL) {
status = NT_STATUS_NOT_SUPPORTED;
} else {
status = SMB_VFS_FSCTL(state->fsp,
state,
ctl_code,
state->smbreq->flags2,
state->in_input.data,
state->in_input.length,
&out_data,
state->in_max_output,
&out_data_len);
state->out_output = data_blob_const(out_data, out_data_len);
if (NT_STATUS_IS_OK(status)) {
tevent_req_done(req);
return tevent_req_post(req, ev);
}
}
if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {